09 Sep 2019
Session Block—Privacy Engineering 10:40 - 11:00

The digital era requires services online,that customers can execute with the click of a button. Businesses have no option but to allow high risk transactions to be completed online because their customers are accustomed to it. Ensuring availability of services while safeguarding privacy of customer information is one of the biggest challenges with digital authentication. Increased Account Take Over incidents necessitated the evolution of authentication methods beyond passwords. Stronger Multi Factor authentication methods are now avai lable, but adoption is low due to various factors. A complex authentication process would protect customer information but drive down usability and would not be favorable for business growth. On the other hand, a data breach could be detrimental to the business and could potentially lead to loss of customer base. Improvement of user experience with seamless authentication while increasing the friction to disallow threat actors is the ideal end state businesses strive to reach.

At CVS Health, we have solved this problem by adopting a Risk based approach towards authentication. We have embraced FIDO standards to enable stronger authentication and move the industry forward towards a decentralized authentication framework. We have increased the threshold for Identity vetting during digital identity enrollment and other use cases that are considered high risk. With the explicit consent of the user, a digital profile of the user is built that sums up not just the binary result of authentication but all the attributes that make up the digital presence are stored and compared against during future interactions. Authentication is now a continuous process and is based on the trust established overthe course of a user's connections in the digital world.

Details on the implementation of this Risk based, approach along with FIDO standards will be presented.

CVS Health
Senior Security Advisor


Discussion not started yet.